WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

PT-2026-1695

Name of the Vulnerable Software and Affected Versions Phlox Theme Plugin for WordPress versions prior to 2.17.14 Description The Shortcodes and extra features for Phlox theme plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to insufficient input sanitization and...

CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

EUVD-2024-17105

Malicious code in bioql PyPI...

EUVD-2024-32103

Malicious code in bioql PyPI...

EUVD-2024-17141

Malicious code in bioql PyPI...

EUVD-2024-50979

Malicious code in bioql PyPI...

EUVD-2024-49217

Malicious code in bioql PyPI...

CVE-2024-12588

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-3587

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2024-3341

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxgmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-3517

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxintemplatecontrolimporter' function. This makes it possibl...

CVE-2024-12588

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-12588

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9545

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-8486

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...